Project

General

Profile

Bug #6682

OpenVPN Client does not use "interface" configured. Connection always established through default gateway.

Added by Jose Duarte about 3 years ago. Updated about 3 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
08/05/2016
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

Tested with 2.3, 2.3.1 and 2.3.2
Test scenario: configure multiple WANs, use WAN1 as default gateway, configure OpenVPN client interface WAN2, go to states and check target IP address. Connection will be made through default gateway WAN1.

Workaround: Configure static routes for the openvpn client (completely kills any HA scenario)

Our main purpose is the use a GatewayGroup as the interface for the openvpn connection so we have redundancy on the connection when a WAN fails. Still, if the openvpn client uses always the default gateway this will never work.

History

#1 Updated by Jim Pingle about 3 years ago

  • Status changed from New to Not a Bug
  • Priority changed from Very High to Normal
  • Affected Version deleted (2.3.2)

The state table is fibbing to you a little bit in that case. pf is sending the traffic out the correct WAN, but the interface-bound states show it hitting the interface it originally tried to use. Check the IP address seen by the remote node, and run a packet capture, and you'll find the traffic is actually using the correct WAN, even if the state says otherwise.

I just tested and confirmed this again. We should probably add an FAQ about it, given that is is confusing/unintuitive.

Also available in: Atom PDF